indexo.dev

tax.org.uk

.uk crawl

First seen 2026-04-14 · Last seen 2026-05-11 · ok HTTP/1.1 200 1274 ms crawled 2026-05-09

US · 104.26.9.237 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Home | Chartered Institute of Taxation
Description
Find out about how we are changing the face of tax. Watch our Welcome Video here. You can also get involved.
Language
en

Open Graph

url
https://bit.ly/3fEybKx
title
A Strong Voice for a Better Tax System

Technology

CDN
Cloudflare
CMS
Next.js
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (4)

  • assets-eu-01.kc-usercontent.com×10
  • px.ads.linkedin.com×1
  • use.typekit.net×1
  • www.googletagmanager.com×1

Registration

Registrar
Easyspace Ltd
Created
1996-02-06
Expires
2028-02-06 628 days left
Updated
2026-03-18
Name servers
  • isabel.ns.cloudflare.com.
  • marvin.ns.cloudflare.com.

DNS records live

NS
  • isabel.ns.cloudflare.com
  • marvin.ns.cloudflare.com
MX
  • 10 eu-smtp-inbound-1.mimecast.com
  • 10 eu-smtp-inbound-2.mimecast.com
TXT
Show 4 TXT records
  • 3s7qtWHJ+Nb94i5x7pzA3p6sj/UI/AJVYtQVSJ93PU1m7D1EHNfdOFj1TDpQ/mJYfpiM+8y/gpuNuUL0y8rFBQ==
  • _globalsign-domain-verification=1cc8aIGi230Ov41JybjKofgnVhdc3zGmLI9VQk3jQJ
  • _globalsign-domain-verification=dakMLh2MnS0gY-ggkraxSPmtZH9VverpAHYXYByA7C
  • _globalsign-domain-verification=dakmlh2mns0gy-ggkraxspmtzh9vverpahyxybya7c

Email authentication strong

SPF
v=spf1 a ip4:185.13.110.160/24 include:eu._netblocks.mimecast.com include:spf.exclaimer.net include:servers.mcsv.net include:customers.clickdimensions.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine;
policy: quarantine
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlTtWJvPvTSfvjTQnyU2cso1v8HCuNGtbCr2JDzXkxFfyZRe09cGcbwzStzaWIcdmwagIMuDwfAUdmPvZR…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8n/M4g6WqldLx8cm7f3UNfqb4/N+roIC/wGE/Kgs/BAlnCu+dplPYC4R4M2hx/D7iCwvGNuNf/npMMdWVYG783L…
selectors probed

Certificate (current)

WE1
from 2026-03-19 to 2026-06-17
Expires in 29 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://www.tax.org.uk/

present
  • strict-transport-security
  • content-security-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
connect-src 'self' *.ads.linkedin.com *.kontent.ai *.onetrust.com *.google-analytics.com *.algolianet.com *.algolia.net *.clarity.ms vercel.live *.pusher.com stats.g.doubleclick.net https://www.cvent.com wss: https://anchor.fm https://api.iconify.design; default-src 'self' https://assets-eu-01.kc-usercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.onetrust.com static.srcspot.com *.googletagmanager.com *.google-analytics.com *.clarity.ms challenges.cloudflare.com vercel.live *.youtube.com https://www.cvent.com https://www.cvent-assets.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' *.typekit.net vercel.live https://www.cvent-assets.com; img-src 'self' *.ads.linkedin.com *.kc-usercontent.com *.onetrust.com vercel.com *.clarity.ms *.google-analytics.com *.bing.com https://syndication.twitter.com blob: data:; font-src 'self' *.typekit.net vercel.live https://www.cvent-assets.com; object-src 'none'; base-uri 'self'; form-action 'self'; media-src
strict-transport-security
max-age=63072000

Links to (3)

Linked from (2)